Tips for Secure Web Development
Note: All links on this page are external links, and are provided as reference only.
- Consider moving your content to the BYU Sites platform. There are many advantages to moving content, including improved security.
- Insist that administrators and those able to manage content have strong passwords. Apply Duo two-factor authentication to your site login and do not use default passwords.
- Implement a Secure Socket Layer (SSL) protocol to establish a secure and encrypted connection.
- Back up your site and connected database(s) regularly.
- Limit or deny file uploads on your website. Remove executable permissions for files and direct users to share information using another method or application.
- Keep your software updated and patched—that includes plug-ins and extensions. Subscribe to or check for security updates regularly.
Put these practices into place to ensure your Drupal site remains impenetrable.ReviewUser roles and permissions UseSecurity Modules (captcha, etc.) RemoveDefault User | 12 Must Have Security Modules for Your Drupal Website Complete Guide on Drupal Security 7 Quick Ways to Secure Drupal: Basic Security Checklist |
Put these practices into place to ensure your WordPress site remains impenetrable. DoFollow WordPress coding standards Back up your website regularly Update your WordPress plugins Lock down WordPress Admin Use a WordPress security plugin Don'tUse an older version of PHP Neglect checking file and server permissions Allow file editing in the WordPress Dashboard Put off two-factor authentication Keep default users and passwords Forget to use SSL for your site | The Ultimate WordPress Security Guide – Step by Step (2021) WordPress Security – 19 Steps to Lock Down Your Site |